create-visualization
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The file references/manim-guide.md instructs the user to execute sudo apt install for system dependencies. Granting root privileges to installers recommended by untrusted skills is a high-risk security practice.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to indirect prompt injection (Category 8). (1) Ingestion points: External content like math functions and Excel formulas (e.g., lambda x: np.sin(x), visualize_function.py arguments). (2) Boundary markers: None identified in the provided instructions or script logic. (3) Capability inventory: High-privilege actions including subprocess calls (manim, python3), local file writing (media/ folder), and network operations (ftp_upload.py to an external domain). (4) Sanitization: No evidence of input validation, escaping, or filtering for external content before execution or interpolation.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the installation of the manim package and various Linux system libraries without version pinning or source verification, increasing exposure to supply chain attacks.
- [COMMAND_EXECUTION] (MEDIUM): Core features rely on calling shell commands with parameters derived from user input (slugs, programs, examples), which could lead to command/argument injection if inputs are not strictly sanitized by the internal tools.
Recommendations
- AI detected serious security threats